Solved

Accelerating all outbound traffic from LAN

Posted on 2007-08-03
22
Medium Priority
692 Views
Last Modified: 2008-01-09
I'm looking for products that will accelerate LAN traffic to the internet. However, it's not really WAN optimization (in the typical scenario), since it's not going to a specific endpoint, I just want to speed up all traffic going outbound from our LAN. Basically using a hardware device of some kind to leverage the bandwidth we already have instead of buying more.

I've seen a lot of companies out there for WAN acceleration like Riverbed and Juniper, but their solutions are really expensive and I'm wondering if there are any other ideas out there that are a little more reasonable that are just for all outbound traffic from a LAN.

Any ideas?
0
Question by:wlandymore
21 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19631490
Not cheap either but will work to balance the load on outbound WAN circuits -> FatPipe
0
 
LVL 57

Expert Comment

by:giltjr
ID: 19632714
You are looking for a magic bullet and there are none.  WAN acceleration devices work in pairs and work by a few different methods, all of which are really "data reduction" methods.  Data compression, data differential transmission, or various methods of data compressions.

Now, if you are talking about specific types of traffic, such as HTML, there are devices that will do dynamic HTML compression.  But they only work for HTML.  

FatPipes really does not do WAN acceleration, it will do outbound load balancing, assuming you have multiple Internet links via multiple ISPs and you are not already doing BGP.
0
 

Expert Comment

by:jotase74
ID: 19633739
Where is the "choke point" in your network, just between yourself and your ISP?  Also, would it be possible for you to block certain miscellaneous sites that are more bandwidth intensive so as to give more to the sites that actually need it?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19634247
If he is not going to use BGP along with the knobs to tweak outbound traffic and doesn't want an expensive device to determine best path but wants to leverage the bandwidth he already has, load balancing is a good option.

The only other real option that I see (and this presumes an intelligent device) is QoS, marking the LAN traffic and prioritizing that traffic over other traffic.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19634279
I don't need two devices in this case because it's just to speed up traffic going to the outside world. And yes, you can get WAN acceleration without using a pair of hardware devices. Riverbed actually claims that they can do this with just one device. But since Riverbed is about 20,000/per device that's not really in the price range.
I'm looking at webfilters, etc. to see if I can limit the sites and things that are soaking it up, but I would also like to know if there is something out there LIKE wan acceleration that can speed up ALL outbound traffic to the internet.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 19635676
Which Riverbed device are you looking at?  

Yes, there are some devices that can accelerate SOME WAN traffic without installing pairs.  They are generally limited to HTTP protocols though.

Devices that "accelerate" the traffic don't speed up how fast the data goes over the WAN.  They reduce the amount of data that flows over the WAN.  They do this by various methods, such as data compression.  However, to use a single device means that you have to be using protocols where the client/server allow for compressed data normally.

Examples:  

Web browsers allow for content to be statically or dynamically compressed using gzip or deflate. So you can install a product that does gzip/deflate compression for HTTP traffic.  Riverbed has their Web Application Accelerator that would fall into this category.

CIFS/Samba does not allow for data to be dynamically or statically compressed.  So if you are doing file sharing over a WAN you can't install a single box that could reduce the amount of data being sent over the WAN.  You have to install a pair of boxes.  One on each side.  One that compresses the data and one that de-compresses the data.  Riverbed has their Wide Area File Services device that falls into this category.

There is NO device on the market that, installed by itself, will "accelerate" ALL traffic.  Some applications (POP, SMTP for example) do not allow for compression of data, so there is nothing that can be done by one box that would be able to accelerate this type of traffic.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19639623
It's more like bandwidth management I guess. I'm looking for a device that can prioritize traffic to certain locations and based on what kind of application/protocol is being used.

For example, if I want to shut down iTunes for everyone but two users, I can allow iTunes traffic through for those two but it limits everyone else to nothing or a set limit. Then if I want to have a 'pipe' so that traffic out to a certain site is prioritized and goes through quickly, it can.

Hope that's more clear.  
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19640305
I still think the FatPipe can do some or most of what you are trying to accomplish.  Or access-lists on the router (if you can do that).
0
 
LVL 57

Expert Comment

by:giltjr
ID: 19641066
Some firewalls can limit bandwidth based on protocol.  As _jesper_ stated you can use access-lists on a router, now not all routers will support that.

If your firewall/router does not support this, then you need to get something that is "inline" between the users and the outside world.  You could do this for free with GNU/Linux Kernel 2.6, two NICs, and use tc commands for bandwidth shaping.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19648562
Firewall/router not an option.
I'll look at the FatPipe. It would have to be something along that tangent....
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19648638
I took a look at the FatPipe but it seemed to be more about link redundancy than anything else. I need something where you can allocate bandwidth to certain applications, etc. but only for outgoing traffic - not to a specific endpoint on a WAN.

Is there no hardware appliance out there for that?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19648703
Other than QoS on a switch, I'm not familiar with any specific product.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19648749
One other thought, I have done rate-limiting with access-lists on Cisco routers by defining the max amount of bandwidth that a particular application can use.  Not as good as QoS but you would be guaranteeing a specified amount for, for example, HTTP traffic.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19648941
On the surface that would be good, but it would have to be something at the application level because if you end up saying you want 50% of your bandwidth to go to port 80 you would have things like Morpheus, BitTorrent, iTunes, MSN, that all seem to be able to go over port 80 in the event of something trying to stop them, soaking up bandwidth.
If it was an application level solution you could tell it to just drop all of those things and only allow HTTP through.
That's what I'm looking for.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 19649207
--> something at the application level

There is a BIG problem.  From the network's point of view a service is an application, so port 80 is the application.  It (the network) does not know, nor does it care about the "program" using that "application/service."  From the network's point of view, Morpheus, BitTorrent, iTunes, etc. are considered content when using port 80, not an application.

I know that Squid can do bandwidth throttling by scanning for the attachment HTTP header and then limiting bandwidth based on the file name in this header.  However I am not sure how those other programs work, so I don't know if it (or any other product) can do what you are asking.

The only thing you could do is limit traffic based on the "outside" IP address and port 80.

You would have to get something that examines the actual data content for all packets dealing with port 80 and then try and figure out what that packet is.  Now there could be some software/devices that have this smarts built into them already.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 19649291
Actually,

I use NBAR in conjunction with access-lists for rate-limiting to avoid the problem that you mention above.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19649333
yeah, I'm talking about the signature of the application that is running through the port. Exinda would do something like that but I don't like the fact that Exinda only does port 80 and that's it. I like the way things like Riverbed will do all TCP traffic, but those devices have too much to offer for a project like this.

I want something as simple as the Exinda box with just a little more functionality.
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19649352
Squid looks pretty close. Is that hardware or software?
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19649363
software
0
 
LVL 1

Author Comment

by:wlandymore
ID: 19649381
just doesn't have the possibility of limiting certain applications based on IP, etc. Just proxy server to improve web, etc.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 750 total points
ID: 19650869
Actually, it can limit rate based on IP address.

Here is an article that shows how to use delay pools:

http://www.enterpriseitplanet.com/networking/features/article.php/3374261

You can find more by searching on Squid Delay Pools.  Now in order to use delay pools you do need to know the remote IP address.  In fact for any type of rate limiting you really should know the IP addresses you want to limit.
0
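
The delay pools described in the accepted answer, as an added example that is not part of the original posts or the linked article: a `squid.conf` fragment that caps one known remote IP address and gives every other LAN client a per-host limit while exempting two clients. The subnet, the two exempt addresses, the destination address and all rates are constructed placeholders.

```conf
# Added example (squid.conf fragment). All addresses and rates below are
# constructed placeholders, not values from the thread.
# Requires a Squid build with delay pool support.

# Clients on the LAN, and two hosts exempt from throttling (hypothetical).
acl lan src 192.168.1.0/24
acl exempt_hosts src 192.168.1.10 192.168.1.11

# A known remote server whose transfers should be capped
# (documentation-range address used as a stand-in).
acl heavy_dst dst 203.0.113.50

delay_pools 2

# Pool 1, class 1: one aggregate bucket shared by all matching requests.
# Format is restore/max in bytes: refill 16000 bytes per second,
# bucket holds at most 16000 bytes.
delay_class 1 1
delay_parameters 1 16000/16000
delay_access 1 allow heavy_dst !exempt_hosts
delay_access 1 deny all

# Pool 2, class 2: an aggregate bucket plus one bucket per client host.
# delay_parameters <pool> <aggregate restore/max> <individual restore/max>
delay_class 2 2
delay_parameters 2 128000/128000 32000/32000
delay_access 2 deny exempt_hosts
delay_access 2 allow lan
delay_access 2 deny all
```

A request is placed in the first pool whose `delay_access` rules allow it, so the exempt hosts match neither pool and are not throttled. Delay pools only affect traffic that actually passes through the proxy.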
